Sorry for the delayed reply...

On Tue, 18 Apr 2006, David F. Skoll wrote:

> Hi,
>
> I think greylisting is nearing the end of its useful life.  I'm
> noticing a new kind of ratware that retries every 5 minutes
> like clockwork, mutating message bodies.  Our CanIt software tempfails
> mail until it's approved by a human, and this mechanism has the side-effect
> of illuminating ratware behaviour.
>
> For example:
>
> http://www.roaringpenguin.com/canit/showtrap.php?o=71.0.177.139&status=spam
>
> (Login/password = demo/demo)
>
> Anyone else seeing this?  We see it quite a lot, and always from cable modem
> or DSL machines (probably cracked Windoze boxes.)


*sigh*  We don't greylist (yet) but I can confirm that in the past 6-8
months we've seen a rise of certain modes of operation:
- ratware infected boxen on campus use campus relays which relay by IP.
  They spew, we queue.  Badness for everyone.
- Inbound ratware using SMTP AUTH to authenticate as a real user (using
  stolen credentials) and thus use us as MSA for their spam.  (These have
  been exclusively phishes)

I strongly feel that the rise of these incidents is a direct response to
greylisting and rate throttling.

-n
--
-------------------------------------------
nathan hruby <[EMAIL PROTECTED]>
uga enterprise information technology services
core services  support
-------------------------------------------
"In 1972 a crack commando unit was sent to
 prison by a military court for a crime they
 didn't commit...."
_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID.  You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list [email protected]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
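
The retry pattern described in the thread (fixed 5-minute retries with a different body each time) can be told apart from a normal MTA queue retry, which resends the same body. The sketch below is an added example, not part of the original thread and not CanIt or MIMEDefang code. It assumes the filter records a body digest for each tempfailed attempt and that the retrying host keeps the same (IP, sender, recipient) triplet; the function name, thresholds and sample records are hypothetical.

```python
from collections import defaultdict
from statistics import pstdev

# Constructed sample of tempfailed delivery attempts (not real log data):
# (unix_time, client_ip, mail_from, rcpt_to, body_digest)
ATTEMPTS = [
    (0,    "192.0.2.10",   "a@example.net", "u@example.edu", "d1"),
    (300,  "192.0.2.10",   "a@example.net", "u@example.edu", "d2"),
    (601,  "192.0.2.10",   "a@example.net", "u@example.edu", "d3"),
    (899,  "192.0.2.10",   "a@example.net", "u@example.edu", "d4"),
    (0,    "198.51.100.7", "b@example.org", "u@example.edu", "e1"),
    (900,  "198.51.100.7", "b@example.org", "u@example.edu", "e1"),
    (2700, "198.51.100.7", "b@example.org", "u@example.edu", "e1"),
    (6300, "198.51.100.7", "b@example.org", "u@example.edu", "e1"),
    (50,   "203.0.113.5",  "c@example.com", "u@example.edu", "f1"),
]


def classify_retries(attempts, min_attempts=3, max_jitter=30.0):
    """Label each (ip, sender, recipient) triplet by its retry behaviour."""
    by_triplet = defaultdict(list)
    for ts, ip, mail_from, rcpt_to, digest in attempts:
        by_triplet[(ip, mail_from, rcpt_to)].append((ts, digest))

    verdicts = {}
    for triplet, events in by_triplet.items():
        events.sort()
        # Seconds between consecutive attempts for this triplet.
        gaps = [b[0] - a[0] for a, b in zip(events, events[1:])]
        digests = {d for _, d in events}
        if len(events) < min_attempts:
            verdicts[triplet] = "insufficient-data"
        elif len(digests) == 1:
            # A queued message resent unchanged: ordinary MTA retry.
            verdicts[triplet] = "same-body-retry"
        elif len(digests) == len(events) and pstdev(gaps) <= max_jitter:
            # Every attempt carries a new body at a near-constant interval.
            verdicts[triplet] = "clockwork-mutating"
        else:
            verdicts[triplet] = "mixed"
    return verdicts


if __name__ == "__main__":
    for triplet, verdict in classify_retries(ATTEMPTS).items():
        print(triplet[0], verdict)
```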
